Securing the Cloud Security From the Inside-Out

Security in the cloud requires an inversion of the traditional approach to security by assessing security from the inside-out rather than the outside-in.

Reconnaissance

During the reconnaissance step, an attacker looks for publicly available information on the Internet either to find a target that has vulnerabilities that can be compromised or to see what vulnerabilities exist within the cloud infrastructure of a specific organization.

Catching Brute Force Attackers During Reconnaissance

To catch potential hackers during reconnaissance, implement continuous security monitoring to alert you to any scanning activity and abnormal login attempts or failures.
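As an added illustration of the kind of login monitoring described above (this is example code written for this page, not Threat Stack's product or any code from the original article), the script below parses a handful of constructed sshd log lines and raises two kinds of alert: a burst of failed logins from one source inside a short window, and a successful login from a source that has just produced such a burst. The threshold of five failures in sixty seconds, the host name and the source addresses (documentation ranges) are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd lines (not real traffic); the syslog format omits the year.
SAMPLE_LOG = """\
Jan 10 12:00:01 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 12:00:03 web1 sshd[1202]: Failed password for invalid user oracle from 203.0.113.5 port 51235 ssh2
Jan 10 12:00:04 web1 sshd[1203]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 10 12:00:06 web1 sshd[1204]: Failed password for invalid user test from 203.0.113.5 port 51237 ssh2
Jan 10 12:00:08 web1 sshd[1205]: Failed password for deploy from 203.0.113.5 port 51238 ssh2
Jan 10 12:00:09 web1 sshd[1206]: Accepted password for deploy from 203.0.113.5 port 51239 ssh2
Jan 10 12:05:00 web1 sshd[1300]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan 10 12:05:10 web1 sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
"""

# Matches both "Failed password for [invalid user] NAME from IP" and "Accepted METHOD for NAME from IP".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def detect(log_text, threshold=5, window_seconds=60):
    """Return alerts for login-failure bursts and for a success that follows a burst.

    threshold/window_seconds are assumed tuning values for the example."""
    alerts = []
    recent = defaultdict(deque)   # source IP -> (timestamp, username) failures inside the window
    burst_sources = set()         # sources that have already tripped the burst rule
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        src, user, result = m["src"], m["user"], m["result"]
        q = recent[src]
        # Drop failures that fell out of the sliding window.
        while q and (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if result == "Failed":
            q.append((ts, user))
            if len(q) >= threshold and src not in burst_sources:
                burst_sources.add(src)
                users = sorted({u for _, u in q})   # many usernames = password guessing/spraying
                alerts.append({"type": "brute_force", "src": src,
                               "failures": len(q), "users": users})
        elif result == "Accepted" and src in burst_sources:
            # A success right after a burst is the case worth paging on.
            alerts.append({"type": "success_after_burst", "src": src, "user": user})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The second alert type is the important one: a burst of failures followed by an accepted login from the same source is the point at which reconnaissance turns into a foothold, so it should be routed differently from a plain failure count. The single failure from 198.51.100.7 followed by a key-based login never reaches the threshold and is reported as nothing.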

Weaponization

After reconnaissance on your own network, consider the types of exploits and malicious payloads that could be used.

Delivery

An attacker can send an exploit or malicious payload in several ways. To detect an attack at this stage, implement continuous security monitoring. Knowing about a vulnerability before a signature for it exists is a huge advantage against attackers.

Exploitation

During the execution of an attack, the attacker establishes a foothold by exploiting a vulnerability in a server service or by using compromised credentials. He or she can then gain further access via a local privilege escalation exploit.

Installation

During installation, an attacker typically installs a program (a kernel module or rootkit, for example) or file to maintain the connection and control without detection. That lets him or her operate internal assets remotely.

Command and Control

A connection from a compromised server, or an outbound connection to an unusual IP address or host, can indicate that an attacker has gained a foothold and is using it to install a program that maintains connection and control.
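To make the "unusual outbound connection" signal concrete, here is an added example (written for this page, not code from the article or from Threat Stack) that checks a set of constructed outbound connection records against a learned baseline of known host-to-destination pairs and also looks for beaconing, meaning repeated connections to one destination at nearly constant intervals. The baseline set, the records, the host name, the documentation-range addresses and the tuning values (at least four events, coefficient of variation of the intervals at most 0.1) are all assumptions for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline of (host, destination IP, destination port) learned during normal operation.
BASELINE = {("web1", "203.0.113.10", 443), ("web1", "198.51.100.20", 443)}

# Constructed outbound records: (host, epoch seconds, destination IP, destination port).
# 203.0.113.10 is contacted irregularly; 192.0.2.77 is new and contacted every ~300 s.
SAMPLE_CONNECTIONS = [
    ("web1", 1000, "203.0.113.10", 443),
    ("web1", 1002, "192.0.2.77", 8443),
    ("web1", 1035, "203.0.113.10", 443),
    ("web1", 1301, "192.0.2.77", 8443),
    ("web1", 1410, "203.0.113.10", 443),
    ("web1", 1422, "198.51.100.20", 443),
    ("web1", 1598, "192.0.2.77", 8443),
    ("web1", 1900, "203.0.113.10", 443),
    ("web1", 1903, "192.0.2.77", 8443),
    ("web1", 2199, "192.0.2.77", 8443),
]


def analyze(connections, baseline, min_events=4, max_cv=0.1):
    """Flag destinations that are new relative to the baseline and destinations
    contacted at suspiciously regular intervals (possible beaconing)."""
    timestamps = defaultdict(list)   # (host, dst_ip, dst_port) -> sorted connection times
    for host, ts, dst_ip, dst_port in sorted(connections, key=lambda c: c[1]):
        timestamps[(host, dst_ip, dst_port)].append(ts)

    findings = []
    for key, times in timestamps.items():
        host, dst_ip, dst_port = key
        reasons = []
        if key not in baseline:
            reasons.append("new_destination")
        if len(times) >= min_events:
            intervals = [b - a for a, b in zip(times, times[1:])]
            avg = mean(intervals)
            # Coefficient of variation: near zero means the gaps are almost identical.
            cv = pstdev(intervals) / avg if avg > 0 else float("inf")
            if cv <= max_cv:
                reasons.append(f"beaconing(period~{avg:.0f}s)")
        if reasons:
            findings.append({"host": host, "dst": f"{dst_ip}:{dst_port}",
                             "count": len(times), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_CONNECTIONS, BASELINE):
        print(finding)
```

In production the baseline would be learned per host over a quiet period and refreshed as deployments change; the two checks are deliberately independent so that a known destination that suddenly starts being polled on a fixed timer is still reported.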

Disabled Antivirus or Defensive Tools

An attacker may leverage command and control to stop certain services or processes, like antivirus or defensive tools, to hide their activity. Such suspicious behavior indicates an attack underway.

Action on Objectives

During the final step of an attack, an attacker carries out his or her main objective, compromising the network or accessing valuable assets like customer data, intellectual property or health-care data. To protect data in this final step, implement File Integrity Monitoring (FIM) to watch who accesses certain files and when.

It's important to have a plan in place to protect against the most common threats to your cloud infrastructure. Understanding your vulnerabilities by thinking like an attacker and mapping your defenses to the cyber kill chain can go a long way in protecting your organization. Taking preventive actions will result in an early warning against the most common threats and help you identify a potential security event before it compromises your data, network or business.

"Security in the cloud requires an inversion of the traditional approach to security, so it approaches security from the inside-out vs. the outside-in," explained Brian Ahern, CEO of cloud security company Threat Stack. "Perimeters and assets are dying off, and role-based architectures are being made super-trivial in this software-defined everything world."

An organization can identify a compromise and eliminate threats before they result in a security breach and data loss that could potentially bring down the entire business, he said. Here, Ahern shows how to recognize the steps of an attack and the measures you can take to repel it.

Karen A. Frenkel writes about technology and innovation and lives in New York City.